Privacy International's comments on the zero draft of the WHO convention, agreement or other international instrument on pandemic prevention ...
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Privacy International’s comments on the zero draft of the WHO
convention, agreement or other international instrument on
pandemic prevention, preparedness and response (“WHO CA+”)
February 2023
Introduction
Privacy International (PI) welcomes the zero draft of the WHO convention, agreement or
other international instrument on pandemic prevention, preparedness and response
(“WHO CA+”).1 PI has sought to closely follow and engage with the discussions leading up
to the draft treaty, despite the significant limitations to civil society participation in the
process.2 In November 2022 we submitted our observations to the conceptual zero draft of
the WHO CA+ and on 15 February 2023 we intervened during the briefing organised by the
INB bureau.
PI believes that the zero draft offers a good basis for negotiations. In particular, we
welcome the inclusion of a provision on confidentiality and privacy (Article 26.) The inclusion
of such provision reflects the importance that data protection and privacy plays in any
effective, modern public health policies, including supporting the building of trust which is
so fundamental in cooperation among states in this field. However, there are significant
gaps in the zero draft which need to be addressed to ensure the treaty puts the respect
and protection of human rights at the centre of the prevention and response to future
pandemics. Most notably, we recommend that the WHO CA+ includes specific provisions to
require effective regulation of the private-sector entities including ensuring that safeguards
(such as transparency, adequate procurement process, accountability, oversight and
redress) are in place to mitigate the risks of human rights harm.
1
Available at: https://apps.who.int/gb/inb/e/e_inb-4.html
2
In November 2021, PI was a signatory to the open letter calling on the World Health Assembly to put
human rights at the forefront of the pandemic treaty. In April 2022, PI made a written submission, and
delivered an oral statement, to the WHO Intergovernmental Negotiating Body public hearing. Our
contributions are available here: https://privacyinternational.org/advocacy/4838/pis-contribution-
first-public-consultation-international-pandemic-treaty
1The following sections provide comments on specific provisions of the zero draft and build
upon observations previously made by PI.3
Preamble
Reference to human rights
PI welcomes the reference to human rights in PP2 and to the right to health in PP4.
We recommend that:
• PP2 also reaffirms the responsibility of companies to respect human rights in
accordance with the UN Guiding Principles on Business and Human Rights;4
• PP4 makes the list of prohibited discriminatory grounds an open list by including
'other status', in line with the wording of Article 2(1) of the International Covenant on
Economic, Social and Cultural Rights and Article 2 of the Universal Declaration on
Human Rights.
Role of civil society
PI also welcomes the reaffirmation in PP15 of the "importance of diverse, gender-balanced
and equitable representation and expertise" in pandemic prevention, preparedness and
response.
We recommend that:
• PP15 includes an acknowledgment of the role of civil society organisations in
pandemic prevention, preparedness and response.
3
See: PI's submission on the conceptual zero draft, 29 November 2022,
https://privacyinternational.org/advocacy/4990/pis-analysis-conceptual-zero-draft-whos-
pandemic-treaty; and on the working draft of the WHO’s Pandemic prevention, preparedness and
response accord, 21 September 2022, https://privacyinternational.org/advocacy/4957/pis-
submission-working-draft-whos-pandemic-prevention-preparedness-and-response
4
See UN Guiding Principles on Business and Human Rights,
https://www.ohchr.org/sites/default/files/Documents/Publications/GuidingPrinciplesBusinessHR_E
N.pdf
2Role of technology
As governments and companies increasingly develop and use new and emerging
technologies to seek achieving universal health coverage,5 PI recommends that the
Preamble reflects the recommendation made by the UN High Commissioner for Human
Rights that “human rights should be at the heart of tech governance”, and on the need to
mitigate the harmful use of technologies.6
• We recommend the Preamble includes a commitment to ensuring the appropriate
use of digital technologies for health and reaffirm existing obligations to protect
people and their rights within the framework established by international treaties
binding the Member States.7
Chapter II. Objective(s), principles and scope
Article 4. Principles
Article 4.1. Respect for human rights
PI recommend that Article 4.1:
• refers to respect, protect and fulfil human rights in its title to adequately cover the
range of human rights obligations under applicable international law;
• includes reference to the Universal Declaration of Human Rights and the core
international human rights instruments;8
5
Privacy International, Digital Health: what does it mean for your rights and freedoms, 8 November
2021. Available at: https://privacyinternational.org/long-read/4671/digital-health-what-does-it-
mean-your-rights-and-freedoms;
6
UN High Commissioner for Human Rights, Human rights should be at the heart of tech governance,
1 September 2022, https://www.ohchr.org/en/stories/2022/09/human-rights-should-be-heart-
tech-governance
7
See WHO Global Strategy on Digital Health 2020-2025, https://www.who.int/docs/default-
source/documents/gs4dhdaa2a9f352b0445bafbc79ca799dce4d.pdf
8
See The Core International Human Rights Instruments and their monitoring bodies,
https://www.ohchr.org/en/core-international-human-rights-instruments-and-their-monitoring-
bodies
3Article 4.2. The right to health
PI recommend that Article 4.2:
• includes reference to all components of the right to health, notably availability,
accessibility, acceptability and quality in line with, inter alia, General Comment 14 of
the Committee on Economic, Social and Cultural Rights;9
• makes the list of prohibited discriminatory grounds an open list by including 'other
status', in line with the wording of Article 2(1) of the International Covenant on
Economic, Social and Cultural Rights and Article 2 of the Universal Declaration on
Human Rights.
Article 4. 6.Transparency
We welcome that the principle of transparency includes reference to international privacy
and data protection rules, regulations and laws. It is fundamental that any sharing of
information and data is done responsibly to avoid risks of abuses and harm to individuals
and communities. The WHO policy on data sharing in the context of public health
emergencies has articulated that security and confidentiality remain central pillars of any
decision-making even within times of emergency.10
Article 4.7 Accountability
While states have the primary responsibility to ensure the right to health, private actors
play a central role in the health sectors and should be held accountable for abuses to
peoples’ rights.
PI recommends that Article 4.7:
• includes reference to Member States’ obligations to protect against abuses by non-
state actors as well as companies’ responsibility to respect human rights.
9
Committee on Economic, Social and Cultural Rights, General Comment No. 14 (2000) The right to
the highest attainable standard of health (article 12 of the International Covenant on Economic,
Social and Cultural Rights),
https://tbinternet.ohchr.org/_layouts/15/treatybodyexternal/Download.aspx?symbolno=E%2fC.12%2
f2000%2f4&Lang=en
10
WHO, Policy statement on data sharing by WHO in the context of public health emergencies,
https://apps.who.int/iris/handle/10665/254440
4Article 4.12. Non-discrimination and respect for diversity
As per comment above, PI recommends that Article 4.12:
• makes the list of prohibited discriminatory grounds an open list by including 'other
status', in line with the wording of Article 2(1) of the International Covenant on
Economic, Social and Cultural Rights and Article 2 of the Universal Declaration on
Human Rights.
Chapter III. Achieving equity in, for and through pandemic prevention,
preparedness, response and recovery of health systems
Article 7. Access to technology: promoting sustainable and equitably
distributed production and transfer of technology and know-how
This provision is central to the future treaty, given how important role technology (and the
processing of data related to its use) plays and is likely to play in the prevention and
response of pandemics. There are immense lessons to be learned from recent prior
pandemics around the use of data and technology and in particular the impact they have
on people and their rights.
PI has long documented the increased reliance on private companies to deliver public
health services including in the context of the COVID 19 pandemic.11 Examples included
companies’ involvement in developing contact tracing apps, without necessarily
considering their impact on privacy/data protection, digital identity companies providing
vaccination status identification tools, data analytics companies offering health data
management solutions to countries across the globe, without any transparency regarding
what those entailed and telecommunications companies entering into data sharing
agreements with public authorities or even third party analytics companies to enable
tracking and location mapping.12
11
See Privacy International, Covid-19 response: Corporate Exploitation, 8 April 2020. Available at:
https://privacyinternational.org/news-analysis/3592/covid-19-response-corporate-exploitation
12
See: PI's submission on the working draft of the WHO’s Pandemic prevention, preparedness and
response accord, 21 September 2022. Available at:
https://privacyinternational.org/advocacy/4957/pis-submission-working-draft-whos-pandemic-
prevention-preparedness-and-response
5Considering these concerns, PI recommends that:
• Article 7(2) is further developed to require that Parties have publicly accessible, clear,
precise, comprehensive and non-discriminatory legal frameworks to protect,
promote and respect human rights and to regulate the use of data and technology;
• Article 7(3) clarifies that participation of private-sector entities are effectively
regulated and that safeguards (such as transparency, adequate procurement
process, accountability, oversight and redress) are in place to mitigate the risks of
human rights harm.
Chapter IV. Strengthening and sustaining capacities for pandemic
prevention, preparedness, response and recovery of health systems
Article 11. Strengthening and sustaining preparedness and health systems’
resilience
Given the central role data and technology played in the response to the recent
pandemics, it seems unavoidable that the treaty should consider and address the benefits
and harms that such technologies entail.
In particular, PI noted how governments’ responses to the COVID-19 pandemic have often
been predicated on the introduction of new or poorly tested technologies and the
exploitation of personal data, without human rights due diligence and effective
enforcement of human rights obligations and with little consideration of how these
technologies contributed (or not) to the resilience of the health system and its capacity to
deliver health services to individuals and communities, in particular those in vulnerable
positions.13
PI recommends that Article 11 includes provisions requiring states parties to:
• adopt a rights-based approach to the use and adoption of digital technologies in
health which focuses on ensuring equity in access to care;
• carry out human rights impact assessments prior to the introduction of technologies
in the health systems;
13
For some examples, see: https://privacyinternational.org/examples/tracking-global-response-
covid-19
6• adopt and assess their publicly accessible, clear, precise, comprehensive and non-
discriminatory legal frameworks to protect, promote and respect human rights and
to regulate the use of data and technology;
• undertake regular audits and evaluations of the use of technologies in the health
system to assess and reflect on the impact it has on patients, in particular those
from already marginalised communities, and make these audits public;
• ensure the respect and protection of the personal data processed by the health
system, including by companies;
Article 14. Protection of human rights
PI welcomes the inclusion of a human rights article in this treaty.
We recommend that:
• Article 14 includes a recognition that human rights continue to apply during states of
emergency as codified in the Siracusa Principles, including the principles of legality,
necessity and proportionality;14
• Article 14(1) is worded to reflect existing obligations under international human rights
law by replacing “in accordance with their national laws” with “in accordance with
international human rights law”, given the obligation of all Member States to protect
human rights without discrimination;
• Article 14(2) spell out the obligations of states to protect against abuses by non-
state actors, such as private companies;
• Article 14(2)(b) is strengthened to avoid any uncertainty on the scope of obligation
under this provision and avoid unintended double standards, by deleting
“endeavour to”.
14
United Nations, Economic and Social Council, Siracusa Principles on the Limitation and Derogation
Provisions in the International Covenant on Civil and Political Rights, U.N. Doc. E/CN.4/1985/4, Annex
(1985), http://hrlibrary.umn.edu/instree/siracusaprinciples.html
7Chapter VI. Financing
Article 19. Sustainable and predictable financing
• PI recommends that financing mechanisms adopt rights-based decision-making
processes and include requirements to undertake comprehensive Human Rights Due
Diligence (HRDD). Building on observed shortcoming of existing financing
mechanisms, we also recommend that these mechanisms integrate strong
transparency and accountability mechanisms.
Chapter VIII. Final Provisions
Article 26. Confidentiality and data protection
PI strongly welcomes this provision which reflects the importance that data protection
and privacy plays in any effective, modern public health policies, including supporting the
building of trust which is so fundamental in cooperation among states in this field.
Over 150 countries around the world have adopted data protection legislation15 and data
protection principles have been recognised in a range of UN resolutions and reports by UN
human rights experts and bodies.16 It is important that the WHO CA+ recognises these
developments and provide clear guidance on states.
We recommend that this Article is strengthen by:
• replacing “with each Party’s national law, as applicable, regarding” with
“internationally recognized principles on the protection of personal data,”
15
See https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1951416
16
For relevant references, see Privacy International, Data Protection Guide,
https://privacyinternational.org/data-protection-guide. See also report of the UN Special
Rapporteur on the right to privacy, UN Doc. A/77/196, 20 July 2022,
https://undocs.org/Home/Mobile?FinalSymbol=A%2F77%2F196&Language=E&DeviceType=Desktop&
LangRequested=False
8You can also read
